1Password
Highop(ref)
Team/prod secrets via the op CLI (op read <ref>).
Lucentive Labs · agent-tooling
Use a secret in an agent's command without ever showing it the value.
Ferry is an agent-era secrets broker. It runs your command as a child process and injects declared secrets into that child's environment — the value reaches vercel/convex/curl but never touches Ferry's stdout, logs, the audit file, or the calling agent's transcript. You authorize a typed policy once (which secrets, from which backend, for which commands); no per-use biometric prompt, works headless. Even an echoed secret is redacted to [redacted:NAME]. Zero runtime dependencies — nothing but Node built-ins between your secret and the child.
Backends
op(ref)
Team/prod secrets via the op CLI (op read <ref>).
file(name)
Headless reuse. AES-256-GCM, scrypt key from FERRY_FILE_KEY.
env(varName?)
Local dev; reads process.env / a local .env.
The guarantee
Get started
Declare your secrets once, then prefix any command with ferry run --. MIT-licensed, zero runtime dependencies.